CVSS3 | 5.9 Medium |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |

CVSS2 | 4.3 Medium |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |

EPSS | 0.001 Low |
---|---|
Percentile | 49.4% |

Red Hat-provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE.
CVEID: CVE-2020-14145
**DESCRIPTION:** OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Integrated Analytics System | 1.0.0-1.0.24.0 |
None
Mitigation for the reported CVE, CVE-2020-14145, is as follows:
This essentially means that this flaw can help attackers identify targets for an MITM attack. However, such an attack would still require the attacker to have control over either DNS or the network traffic.
If the network is untrusted, we suggest using SSH certificates, for even more confidence and less human factor involved, or GSSAPI key exchange, where Kerberos is used to verify the identity of the server.
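
To check how far a client already follows the SSH certificate recommendation above, the following added example (not part of the IBM bulletin or of OpenSSH) audits `known_hosts` content and reports which hosts are verified through a host CA (`@cert-authority`), which rely on an individually pinned key, and which would fall back to first-use trust. The function names, hostnames and key blobs are constructed for illustration, and hostnames are assumed to be lowercase.

```python
import base64, hashlib, hmac, re

def hash_host(host, salt):
    """HashKnownHosts field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, host):
    """Match a known_hosts host field: one hashed name or comma-separated patterns."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        return hmac.compare_digest(hash_host(host, base64.b64decode(salt)).split("|")[3], mac)
    hit = False
    for pat in field.split(","):
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        # Only '*' and '?' are wildcards; '[host]:port' brackets stay literal.
        rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, host, re.IGNORECASE):
            if negated:
                return False  # a negated match vetoes the whole line
            hit = True
    return hit

def trust_modes(known_hosts, host):
    """Ways this file lets the client verify host; an empty set means first-use trust."""
    modes = set()
    for line in known_hosts.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else ""
        if marker == "@revoked" or len(parts) < 3:
            continue  # @revoked bans a key; it never establishes trust
        if field_matches(parts[0], host):
            modes.add("cert-authority" if marker == "@cert-authority" else "pinned-key")
    return modes

def not_ca_covered(known_hosts, hosts):
    """Hosts the client cannot verify through a host CA."""
    return [h for h in hosts if "cert-authority" not in trust_modes(known_hosts, h)]

# Constructed sample: hypothetical hostnames, placeholder key blobs.
SAMPLE = "\n".join([
    "@cert-authority *.ias.example.com,!legacy.ias.example.com ssh-ed25519 AAAAPLACEHOLDERCA host-ca",
    "legacy.ias.example.com ssh-rsa AAAAPLACEHOLDERLEGACY",
    hash_host("[db.example.net]:2222", b"constructed-salt") + " ssh-ed25519 AAAAPLACEHOLDERDB",
])
if __name__ == "__main__":
    print(not_ca_covered(SAMPLE, ["node1.ias.example.com", "new.example.org"]))
```

Hosts returned by `not_ca_covered` are the ones to move under a host CA first when the network between client and server is untrusted.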
CPE | Name | Operator | Version |
---|---|---|---|
| | ibm integrated analytics system | eq | any |